network security computer security peter reiher november
play

Network Security Computer Security Peter Reiher November 4, 2014 - PowerPoint PPT Presentation

Feb 29, 2024 •111 likes •797 views

Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136, Fall 2014 Outline Network security characteristics and threats Denial of service attacks Traffic control mechanisms Firewalls

  1. Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136, Fall 2014

  2. Outline • Network security characteristics and threats • Denial of service attacks • Traffic control mechanisms • Firewalls • Encryption for network security & VPNs • Wireless security • Honeypots and honeynets Lecture 9 Page 2 CS 136, Fall 2014

  3. Some Important Network Characteristics for Security • Degree of locality • Media used • Protocols used Lecture 9 Page 3 CS 136, Fall 2014

  4. Degree of Locality • Some networks are very local – E.g., an Ethernet – Benefits from: • Physical locality • Small number of users and machines • Common goals and interests • Other networks are very non-local – E.g., the Internet backbone – Many users/sites share bandwidth Lecture 9 Page 4 CS 136, Fall 2014

  5. Network Media • Some networks are wires, cables, or over telephone lines – Can be physically protected • Other networks are satellite links or other radio links – Physical protection possibilities more limited Lecture 9 Page 5 CS 136, Fall 2014

  6. Protocol Types • TCP/IP is the most used – But it only specifies some common intermediate levels – Other protocols exist above and below it • In places, other protocols replace TCP/IP • And there are lots of supporting protocols – Routing protocols, naming and directory protocols, network management protocols – And security protocols (IPSec, ssh, ssl) Lecture 9 Page 6 CS 136, Fall 2014

  7. Implications of Protocol Type • The protocol defines a set of rules that will always be followed – But usually not quite complete – And they assume everyone is at least trying to play by the rules – What if they don’t? • Specific attacks exist against specific protocols Lecture 9 Page 7 CS 136, Fall 2014

  8. Threats To Networks • Wiretapping • Impersonation • Attacks on message – Confidentiality – Integrity • Denial of service attacks Lecture 9 Page 8 CS 136, Fall 2014

  9. Wiretapping • Passive wiretapping is listening in illicitly on conversations • Active wiretapping is injecting traffic illicitly • Packet sniffers can listen to all traffic on a broadcast medium – Ethernet or 802.11, e.g. • Wiretapping on wireless often just a matter of putting up an antenna Lecture 9 Page 9 CS 136, Fall 2014

  10. Impersonation • A packet comes in over the network – With some source indicated in its header • Often, the action to be taken with the packet depends on the source • But attackers may be able to create packets with false sources Lecture 9 Page 10 CS 136, Fall 2014

  11. Violations of Message Confidentiality • Other problems can cause messages to be inappropriately divulged • Misdelivery can send a message to the wrong place – Clever attackers can make it happen • Message can be read at an intermediate gateway or a router • Sometimes an intruder can get useful information just by traffic analysis Lecture 9 Page 11 CS 136, Fall 2014

  12. Message Integrity • Even if the attacker can’t create the packets he wants, sometimes he can alter proper packets • To change the effect of what they will do • Typically requires access to part of the path message takes Lecture 9 Page 12 CS 136, Fall 2014

  13. Denial of Service • Attacks that prevent legitimate users from doing their work • By flooding the network • Or corrupting routing tables • Or flooding routers • Or destroying key packets Lecture 9 Page 13 CS 136, Fall 2014

  14. How Do Denial of Service Attacks Occur? • Basically, the attacker injects some form of traffic • Most current networks aren’t built to throttle uncooperative parties very well • All-inclusive nature of the Internet makes basic access trivial • Universality of IP makes reaching most of the network easy Lecture 9 Page 14 CS 136, Fall 2014

  15. An Example: SYN Flood • Based on vulnerability in TCP • Attacker uses initial request/response to start TCP session to fill a table at the server • Preventing new real TCP sessions • SYN cookies and firewalls with massive tables are possible defenses Lecture 9 Page 15 CS 136, Fall 2014

  16. Normal SYN Behavior SYN SYN/ACK ACK Table of open TCP connections Lecture 9 Page 16 CS 136, Fall 2014

  17. A SYN Flood SYN SYN SYN SYN SYN/ACK SYN/ACK SYN/ACK SYN/ACK Server can’t Table of open fill request! TCP connections Lecture 9 Page 17 CS 136, Fall 2014

  18. And no changes KEY POINT: to TCP protocol Server doesn’t SYN Cookies itself need to save SYN/ACK number is cookie value! Client IP address & port, server’s secret function of IP address and various information port, and a timer No room in the table, so send back a SYN cookie, instead Server recalculates cookie to determine if proper response Lecture 9 Page 18 CS 136, Fall 2014

  19. General Network Denial of Service Attacks • Need not tickle any particular vulnerability • Can achieve success by mere volume of packets • If more packets sent than can be handled by target, service is denied • A hard problem to solve Lecture 9 Page 19 CS 136, Fall 2014

  20. Distributed Denial of Service Attacks • Goal: Prevent a network site from doing its normal business • Method: overwhelm the site with attack traffic • Response: ? Lecture 9 Page 20 CS 136, Fall 2014

  21. The Problem Lecture 9 Page 21 CS 136, Fall 2014

  22. Why Are These Attacks Made? • Generally to annoy • Sometimes for extortion • Sometimes to prevent adversary from doing something important • If directed at infrastructure, might cripple parts of Internet Lecture 9 Page 22 CS 136, Fall 2014

  23. Attack Methods • Pure flooding – Of network connection – Or of upstream network • Overwhelm some other resource – SYN flood – CPU resources – Memory resources – Application level resource • Direct or reflection Lecture 9 Page 23 CS 136, Fall 2014

  24. Why “Distributed”? • Targets are often highly provisioned servers • A single machine usually cannot overwhelm such a server • So harness multiple machines to do so • Also makes defenses harder Lecture 9 Page 24 CS 136, Fall 2014

  25. How to Defend? • A vital characteristic: – Don’t just stop a flood – ENSURE SERVICE TO LEGITIMATE CLIENTS!!! • If you deliver a manageable amount of garbage, you haven’t solved the problem • Nor have you if you prevent a flood by dropping all packets Lecture 9 Page 25 CS 136, Fall 2014

  26. Complicating Factors • High availability of compromised machines – Millions of zombie machines out there • Internet is designed to deliver traffic – Regardless of its value • IP spoofing allows easy hiding • Distributed nature makes legal approaches hard • Attacker can choose all aspects of his attack packets – Can be a lot like good ones Lecture 9 Page 26 CS 136, Fall 2014

  27. Basic Defense Approaches • Overprovisioning • Dynamic increases in provisioning • Hiding • Tracking attackers • Legal approaches • Reducing volume of attack • None of these are totally effective Lecture 9 Page 27 CS 136, Fall 2014

  28. Traffic Control Mechanisms • Filtering – Source address filtering – Other forms of filtering • Rate limits • Protection against traffic analysis – Padding – Routing control Lecture 9 Page 28 CS 136, Fall 2014

  29. Source Address Filtering • Filtering out some packets because of their source address value – Usually because you believe their source address is spoofed • Often called ingress filtering – Or egress filtering . . . Lecture 9 Page 29 CS 136, Fall 2014

  30. Source Address Filtering for Address Assurance • Router “knows” what network it sits in front of – In particular, knows IP addresses of machines there • Filter outgoing packets with source addresses not in that range • Prevents your users from spoofing other nodes’ addresses – But not from spoofing each other’s Lecture 9 Page 30 CS 136, Fall 2014

  31. Source Address Filtering Example 95.113.27.12 56.29.138.2 My network shouldn’t be creating packets with this source address So drop the packet 128.171.192.* Lecture 9 Page 31 CS 136, Fall 2014

  32. Source Address Filtering in the Other Direction • Often called egress filtering – Or ingress filtering . . . • Occurs as packets leave the Internet and enter a border router – On way to that router’s network • What addresses shouldn’t be coming into your local network? Lecture 9 Page 32 CS 136, Fall 2014

  33. Filtering Incoming Packets 128.171.192.5 128.171.192.7 Packets with this source address should be going out, not coming in So drop the packet 128.171.192.* Lecture 9 Page 33 CS 136, Fall 2014

  34. Other Forms of Filtering • One can filter on things other than source address – Such as worm signatures, unknown protocol identifiers, etc. • Also, there are unallocated IP addresses in IPv4 space – Can filter for packets going to or coming from those addresses • Some source addresses for local use only – Internet routers can drop packets to/from them Lecture 9 Page 34 CS 136, Fall 2014

Recommend

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1 CS 136, Winter 2008 Outline Basics of network security Definitions Sample attacks Defense mechanisms Lecture 11 Page 2 CS 136,

613 views • 50 slides
Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher Lecture 18 CS 118 Page 1 Winter 2016 Another type of layer deficiency Some layers of protocol do not provide any security or privacy What if

708 views • 59 slides
Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 9 Page 1 CS 236 Online Some Important Network Characteristics for Security Degree of locality Media used Protocols used Lecture 9

156 views • 11 slides
Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136,

Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136,

Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136, Fall 2014 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Malware

838 views • 67 slides
Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall

Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall

Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall 2014 Web Security Lots of Internet traffic is related to the web Much of it is financial in nature Also lots of private information flow

859 views • 70 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

844 views • 56 slides
Introduction CS 136 Computer Security Peter Reiher January 10, 2017 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 10, 2017 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 10, 2017 Lecture 1 Page 1 CS 136, Winter 2017 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

599 views • 57 slides
Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136, Spring 2014 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

1.18k views • 72 slides
Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136, Winter 2008 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

1.19k views • 72 slides
More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS 136, Winter 2008 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Some

701 views • 53 slides
Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter

Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter

Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 10 Page 1 CS 236 Online Firewall Configuration and Administration Again, the firewall is the point of attack for intruders

375 views • 16 slides
Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 15 Page 1 CS 236 Online Evaluating Program Security What if your task isnt writing secure code? Its determining if someone

423 views • 16 slides
Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 19 Page 1 CS 236 Online Putting It All Together Weve talked a lot about security principles And about security problems And

209 views • 17 slides
Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS

Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS

Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS 136, Fall 2014 Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection systems Lecture 11

737 views • 63 slides
Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3

Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3

Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3 Page 1 CS 136, Winter 2017 Outline What is data encryption? Cryptanalysis Basic encryption methods Substitution ciphers

1.16k views • 66 slides
Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L.

Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L.

Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L. Reiher {pahp, reiher}@cs.ucla.edu Laboratory for Advanced Systems Research (LASR) University of California Los Angeles The 3 rd Workshop on Cyber

314 views • 28 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security policies Computer Security Basic concepts Peter Reiher Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1

347 views • 9 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1

Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1

Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1 CS 236, Spring 2008 Outline Subject of class Class topics and organization Reading material Class web page Grading Projects

838 views • 50 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Introduction CS 118 Computer Network Fundamentals Peter Reiher Lecture 1 CS 118 Page 1

Introduction CS 118 Computer Network Fundamentals Peter Reiher Lecture 1 CS 118 Page 1

Introduction CS 118 Computer Network Fundamentals Peter Reiher Lecture 1 CS 118 Page 1 Winter 2016 Purpose of the class To familiarize you with the basic concepts of computer networking Computer networks are increasingly key to

1.13k views • 66 slides

More recommend